package com.yy.main.app.springsession;

import com.yy.constant.AppConstant;
import com.yy.kit.annotation.HasPers;
import com.yy.kit.log.YYLogKits;
import com.yy.kit.object.YYObjectKits;
import com.yy.kit.string.YYStrKits;
import com.yy.main.app.service.IPermissionService;
import com.yy.pojo.base.TUser;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.List;

/**
 * <p>
 * session拦截器，判断用户是否登陆
 * </p>
 *
 * @author 杨阳
 * @since 2017年9月1日14:54:54
 */
public class SecurityInterceptor implements HandlerInterceptor {

    private IPermissionService iPermissionService;

    public SecurityInterceptor(IPermissionService iPermissionService) {
        this.iPermissionService = iPermissionService;
    }

    @Override
    public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3) throws Exception {

    }

    @Override
    public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3) throws Exception {

    }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (handler instanceof HandlerMethod) {
            HasPers has = ((HandlerMethod) handler).getMethodAnnotation(HasPers.class);
            if (YYObjectKits.isNull(has)) {
                // 表示方法上没有添加注解，直接返回true，不需要验证
                YYLogKits.info(SecurityInterceptor.class, "┌───────────────────────────────────────────────────────────────────────────┐");
                YYLogKits.info(SecurityInterceptor.class, "├用户安全拦截器，用户请求URI:{} ", request.getRequestURI());
                YYLogKits.info(SecurityInterceptor.class, "├用户安全拦截器，用户请求URL:{} ", request.getRequestURL());
                YYLogKits.info(SecurityInterceptor.class, "├没有添加权限注解，直接通过检查....");
                YYLogKits.info(SecurityInterceptor.class, "└───────────────────────────────────────────────────────────────────────────┘");
                return true;
            } else {
                // 获取用户的所有权限,查看是否包含当前的权限
                HttpSession session = request.getSession();
                TUser user = (TUser) session.getAttribute(AppConstant.SESSION_KEY);
                if (null == user) {
                    YYLogKits.info(SecurityInterceptor.class, "┌───────────────────────────────────────────────────────────────────────────┐");
                    YYLogKits.info(SecurityInterceptor.class, "├用户安全拦截器，用户请求URI:{} ", request.getRequestURI());
                    YYLogKits.info(SecurityInterceptor.class, "├用户安全拦截器，用户请求URL:{} ", request.getRequestURL());
                    YYLogKits.info(SecurityInterceptor.class, "├session失效，跳转到登陆页面....");
                    YYLogKits.info(SecurityInterceptor.class, "└───────────────────────────────────────────────────────────────────────────┘");
                    response.sendRedirect("/");
                    return false;
                } else {
                    List<String> authenticationList = iPermissionService.getUserPerAuthentication(user.getId());
                    String value = has.name();
                    if (YYStrKits.isBlank(value)) {
                        YYLogKits.info(SecurityInterceptor.class, "┌───────────────────────────────────────────────────────────────────────────┐");
                        YYLogKits.info(SecurityInterceptor.class, "├用户安全拦截器，用户请求URI:{} ", request.getRequestURI());
                        YYLogKits.info(SecurityInterceptor.class, "├用户安全拦截器，用户请求URL:{} ", request.getRequestURL());
                        YYLogKits.error(SecurityInterceptor.class, "├注解异常，没有加入权限认证码!!!!....");
                        YYLogKits.error(SecurityInterceptor.class, "└───────────────────────────────────────────────────────────────────────────┘");
                        return false;
                    } else {
                        if (value.contains(",")) {// 如果权限字符串中包含逗号，那么需要拆分一下，只要满足其中一个条件就可以了
                            String[] vals = value.split(",");
                            for (String val : vals) {
                                if (authenticationList.contains(val)) {
                                    YYLogKits.info(SecurityInterceptor.class, "┌───────────────────────────────────────────────────────────────────────────┐");
                                    YYLogKits.info(SecurityInterceptor.class, "├用户安全拦截器，用户请求URI:{} ", request.getRequestURI());
                                    YYLogKits.info(SecurityInterceptor.class, "├用户安全拦截器，用户请求URL:{} ", request.getRequestURL());
                                    YYLogKits.info(SecurityInterceptor.class, "├用户拥有[{}]权限，通过检查....", value);
                                    YYLogKits.info(SecurityInterceptor.class, "└───────────────────────────────────────────────────────────────────────────┘");
                                    return true;
                                }
                            }
                            // 如果到了这里那应该说明用逗号分解后的组数里的条件一个都没满足，那直接返回false
                            YYLogKits.info(SecurityInterceptor.class, "┌───────────────────────────────────────────────────────────────────────────┐");
                            YYLogKits.info(SecurityInterceptor.class, "├用户安全拦截器，用户请求URI:{} ", request.getRequestURI());
                            YYLogKits.info(SecurityInterceptor.class, "├用户安全拦截器，用户请求URL:{} ", request.getRequestURL());
                            YYLogKits.info(SecurityInterceptor.class, "├用户未拥有[{}]权限，跳转到登陆页面....", value);
                            YYLogKits.info(SecurityInterceptor.class, "└───────────────────────────────────────────────────────────────────────────┘");
                            return false;
                        } else {
                            if (authenticationList.contains(value)) {
                                YYLogKits.info(SecurityInterceptor.class, "┌───────────────────────────────────────────────────────────────────────────┐");
                                YYLogKits.info(SecurityInterceptor.class, "├用户安全拦截器，用户请求URI:{} ", request.getRequestURI());
                                YYLogKits.info(SecurityInterceptor.class, "├用户安全拦截器，用户请求URL:{} ", request.getRequestURL());
                                YYLogKits.info(SecurityInterceptor.class, "├用户拥有[{}]权限，通过检查....", value);
                                YYLogKits.info(SecurityInterceptor.class, "└───────────────────────────────────────────────────────────────────────────┘");
                                return true;
                            } else {
                                YYLogKits.info(SecurityInterceptor.class, "┌───────────────────────────────────────────────────────────────────────────┐");
                                YYLogKits.info(SecurityInterceptor.class, "├用户安全拦截器，用户请求URI:{} ", request.getRequestURI());
                                YYLogKits.info(SecurityInterceptor.class, "├用户安全拦截器，用户请求URL:{} ", request.getRequestURL());
                                YYLogKits.info(SecurityInterceptor.class, "├用户未拥有[{}]权限，跳转到登陆页面....", value);
                                YYLogKits.info(SecurityInterceptor.class, "└───────────────────────────────────────────────────────────────────────────┘");
                                response.sendRedirect("/");
                                return false;
                            }
                        }
                    }
                }
            }
        }
        return true;
    }

}
